Secure Cloud Storage with Client-Side Encryption Using a Trusted Execution Environment
With the evolution of computer systems, the amount of sensitive data to be
stored as well as the number of threats to these data grow, making the data
confidentiality increasingly important to computer users. Currently, with
devices always connected to the Internet, the use of cloud data storage
services has become practical and common, allowing quick access to such data
wherever the user is. Such practicality brings with it a concern, precisely the
confidentiality of the data which is delivered to third parties for storage. In
the home environment, disk encryption tools have gained special attention from
users, being used on personal computers and also having native options in some
smartphone operating systems. The present work uses the data sealing feature
provided by the Intel Software Guard Extensions (Intel SGX) technology, for
file encryption. A virtual file system is created in which applications can
store their data, keeping the security guarantees provided by the Intel SGX
technology, before sending the data to a storage provider. This way, even if the
storage provider is compromised, the data are safe. To validate the proposal,
the Cryptomator software, which is a free client-side encryption tool for cloud
files, was integrated with an Intel SGX application (enclave) for data sealing.
The results demonstrate that the solution is feasible, in terms of performance
and security, and can be expanded and refined for practical use and integration
with cloud synchronization services.
Single-random phase encoding architecture using a focus tunable lens
We propose a new nonlinear optical architecture based on a focus tunable lens and an iterative phase retrieval algorithm. It constitutes a compact encryption system that uses a single-random phase key to simultaneously encrypt (decrypt) amplitude and phase data. Summarily, the information encoded in a transmittance object (phase and amplitude) is randomly modulated by a diffuser when a laser beam illuminates it; once the beam reaches a focus tunable lens, different subjective speckle distributions are registered at some image plane as the focal length is tuned to different values. This set of speckle patterns constitutes a delocalized ciphertext, which is used in an iterative phase retrieval algorithm to reconstruct a complex ciphertext. The original data are decrypted propagating this ciphertext through a virtual optical system. In this system, amplitude data are straightforwardly decrypted while phase data can only be restored if the random modulation produced in the encryption process is compensated. Thus, an encryption-decryption process and authentication protocol can simultaneously be performed. We validate the feasibility of our proposal with simulated and experimental results.
Affiliation: Mosso Solano, Edward Fabian. Consejo Nacional de Investigaciones Científicas y Técnicas; Argentina. Pontificia Universidad Católica de Valparaíso; Chile
Affiliation: Bolognini, Nestor Alberto. Universidad Nacional de La Plata. Facultad de Ciencias Exactas; Argentina. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - La Plata. Centro de Investigaciones Ópticas. Provincia de Buenos Aires. Gobernación. Comisión de Investigaciones Científicas. Centro de Investigaciones Ópticas. Universidad Nacional de La Plata. Centro de Investigaciones Ópticas; Argentina
Affiliation: Pérez, D.G.. Pontificia Universidad Católica de Valparaíso; Chil
Execution Integrity with In-Place Encryption
Instruction set randomization (ISR) was initially proposed with the main goal
of countering code-injection attacks. However, ISR seems to have lost its
appeal since code-injection attacks became less attractive because protection
mechanisms such as data execution prevention (DEP) as well as code-reuse
attacks became more prevalent.
In this paper, we show that ISR can be extended to also protect against
code-reuse attacks while at the same time offering security guarantees similar
to those of software diversity, control-flow integrity, and information hiding.
We present Scylla, a scheme that deploys a new technique for in-place code
encryption to hide the code layout of a randomized binary, and restricts the
control flow to a benign execution path. This allows us to i) implicitly
restrict control-flow targets to basic block entries without requiring the
extraction of a control-flow graph, ii) achieve execution integrity within
legitimate basic blocks, and iii) hide the underlying code layout under
malicious read access to the program. Our analysis demonstrates that Scylla is
capable of preventing state-of-the-art attacks such as just-in-time
return-oriented programming (JIT-ROP) and crash-resistant oriented programming
(CROP). We extensively evaluate our prototype implementation of Scylla and show
feasible performance overhead. We also provide details on how this overhead can
be significantly reduced with dedicated hardware support.